atualizar somente proprios projetos (usuario) e botão de aceitar ou rejeitar...

atualizar somente proprios projetos (usuario) e botão de aceitar ou rejeitar visivel somente ao admin

src/main/java/br/ufpr/c3sl/participatorio/web/ProjetoController.java

@@ -8,6 +8,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
+import org.springframework.validation.ObjectError;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -16,6 +17,7 @@ import org.springframework.web.bind.annotation.RequestParam;
 import br.ufpr.c3sl.participatorio.Projeto;
 import br.ufpr.c3sl.participatorio.Usuario;
 import br.ufpr.c3sl.participatorio.enums.TipoStatus;
+import br.ufpr.c3sl.participatorio.enums.TipoUsuario;
 
 @RequestMapping("/projetoes")
 @Controller
@@ -41,12 +43,16 @@ public class ProjetoController {
     
     @RequestMapping(method = RequestMethod.PUT, produces = "text/html")
     public String update(@Valid Projeto projeto, BindingResult bindingResult, Model uiModel, HttpServletRequest httpServletRequest) {
+    	Projeto p = (Projeto) Projeto.entityManager().createNativeQuery("select * from projeto where id = "+projeto.getId(), Projeto.class).getSingleResult();
+    	
+    	if (p.getUsuario().getPermissao() == TipoUsuario.Usuario && !p.getUsuario().getLogin().equals(SecurityContextHolder.getContext().getAuthentication().getName()))
+    		bindingResult.addError(new ObjectError("", "Esse projeto não está associado a sua conta."));
+    	
         if (bindingResult.hasErrors()) {
             populateEditForm(uiModel, projeto);
             return "projetoes/update";
         }
         
-        Projeto p = (Projeto) Projeto.entityManager().createNativeQuery("select * from projeto where id = "+projeto.getId(), Projeto.class).getSingleResult();
         projeto.setUsuario(p.getUsuario());
         
         uiModel.asMap().clear();

src/main/webapp/WEB-INF/views/projetoes/showcandidatos.jspx

 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<div xmlns:field="urn:jsptagdir:/WEB-INF/tags/form/fields" xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:page="urn:jsptagdir:/WEB-INF/tags/form" version="2.0">
+<div xmlns:field="urn:jsptagdir:/WEB-INF/tags/form/fields" xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:page="urn:jsptagdir:/WEB-INF/tags/form" xmlns:sec="http://www.springframework.org/security/tags" version="2.0">
     <jsp:directive.page contentType="text/html;charset=UTF-8"/>
     <jsp:output omit-xml-declaration="yes"/>
     <page:show id="ps_br_ufpr_c3sl_participatorio_Projeto" object="${projeto}" path="/projetoes" z="D0oL5mYFetkn/bZXW31CJL2EDUE=">
     
-    	<!-- <script type="text/javascript">
-			alert('${projeto.estado}');
-		</script>
-		
-		<c:if test="${projeto.estado}">
-			<c:set var="renderButton" value="true"/>
-		</c:if> -->
-		
-		
+		<sec:authorize ifAnyGranted="Administrador">
 	    	<form action="" method="POST">
 	    		<button type="submit" name="status" value="1">Aceitar</button>
 	    		<button type="submit" name="status" value="0">Rejeitar</button>
 	    	</form>
+    	</sec:authorize>
     
         <field:display field="pai" id="s_br_ufpr_c3sl_participatorio_Projeto_pai" object="${projeto}" z="4n4Iw3sGl6fL8jHSE2fUat8qLN4="/>
         <field:display field="nome" id="s_br_ufpr_c3sl_participatorio_Projeto_nome" object="${projeto}" z="rsXBQmVxhOA6fpmBsaOOxZCOB5w="/>

src/main/webapp/WEB-INF/views/usuarios/create.jspx

@@ -4,7 +4,7 @@
     <jsp:output omit-xml-declaration="yes"/>
     <form:create id="fc_br_ufpr_c3sl_participatorio_Usuario" modelAttribute="usuario" path="/usuarios" render="${empty dependencies}" z="sBi0BIbhxfFtvS44zYHnLMODwjM=">
         <field:input field="login" id="c_br_ufpr_c3sl_participatorio_Usuario_login" z="6OvGa7M/0sPSzNSclLE7Y4sb/oU="/>
-        <field:input field="senha" id="c_br_ufpr_c3sl_participatorio_Usuario_senha" type="password" required="true" z="Fzw/QULORJ8+FIOQOF8H5WEf7o4="/>
+        <field:input field="senha" id="c_br_ufpr_c3sl_participatorio_Usuario_senha" required="true" type="password" z="user-managed"/>
         <field:select field="permissao" id="c_br_ufpr_c3sl_participatorio_Usuario_permissao" items="${tipousuarios}" path="tipousuarios" z="Kpb8JBzpJ7PYZ9+dbrK6o6SJM18="/>
     </form:create>
     <form:dependency dependencies="${dependencies}" id="d_br_ufpr_c3sl_participatorio_Usuario" render="${not empty dependencies}" z="2S2Khlt8Zs3QW0bxgIewXxuzBz4="/>

src/main/webapp/WEB-INF/views/usuarios/update.jspx

@@ -4,7 +4,7 @@
     <jsp:output omit-xml-declaration="yes"/>
     <form:update id="fu_br_ufpr_c3sl_participatorio_Usuario" modelAttribute="usuario" path="/usuarios" versionField="Version" z="SwzSibl5xLBOtbcLMDq7FqYkcuI=">
         <field:input field="login" id="c_br_ufpr_c3sl_participatorio_Usuario_login" z="6OvGa7M/0sPSzNSclLE7Y4sb/oU="/>
-        <field:input field="senha" id="c_br_ufpr_c3sl_participatorio_Usuario_senha" type="password" required="true" z="Fzw/QULORJ8+FIOQOF8H5WEf7o4="/>
+        <field:input field="senha" id="c_br_ufpr_c3sl_participatorio_Usuario_senha" required="true" type="password" z="user-managed"/>
         <field:select field="permissao" id="c_br_ufpr_c3sl_participatorio_Usuario_permissao" items="${tipousuarios}" path="tipousuarios" z="Kpb8JBzpJ7PYZ9+dbrK6o6SJM18="/>
     </form:update>
 </div>